diff --git a/api/build/status.go b/api/build/status.go
new file mode 100644
index 000000000..20d36c1d8
--- /dev/null
+++ b/api/build/status.go
@@ -0,0 +1,69 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package build
+
+import (
+ "net/http"
+
+ "github.com/gin-gonic/gin"
+ "github.com/sirupsen/logrus"
+
+ "github.com/go-vela/server/router/middleware/build"
+)
+
+// swagger:operation GET /status/{org}/{repo}/{build} builds GetBuildStatus
+//
+// Get a build status
+//
+// ---
+// produces:
+// - application/json
+// parameters:
+// - in: path
+// name: org
+// description: Name of the organization
+// required: true
+// type: string
+// - in: path
+// name: repo
+// description: Name of the repository
+// required: true
+// type: string
+// - in: path
+// name: build
+// description: Build number
+// required: true
+// type: integer
+// security:
+// - ApiKeyAuth: []
+// responses:
+// '200':
+// description: Successfully retrieved the build
+// schema:
+// "$ref": "#/definitions/Build"
+// '400':
+// description: Invalid request payload or path
+// schema:
+// "$ref": "#/definitions/Build"
+// '401':
+// description: Unauthorized
+// schema:
+// "$ref": "#/definitions/Build"
+// '404':
+// description: Not found
+// schema:
+// "$ref": "#/definitions/Build"
+
+// GetBuildStatus represents the API handler to return "status", a lite representation of the resource with limited fields for unauthenticated access.
+func GetBuildStatus(c *gin.Context) {
+ // capture middleware values
+ l := c.MustGet("logger").(*logrus.Entry)
+ b := build.Retrieve(c)
+
+ l.Debug("reading status for build")
+
+ // sanitize fields for the unauthenticated response
+ b.StatusSanitize()
+
+ c.JSON(http.StatusOK, b)
+}
diff --git a/api/repo/status.go b/api/repo/status.go
new file mode 100644
index 000000000..c1b59a5b1
--- /dev/null
+++ b/api/repo/status.go
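Review bot: The swagger block above GetBuildStatus declares `security: - ApiKeyAuth: []` and a `'401'` response, while the handler's own doc comment says the endpoint exists for unauthenticated access, so generated API docs and clients will claim a token is required on a route that takes none. Drop the `security:` stanza and the `'401'` response from the annotation, and point the 400/404 schemas at the project's error definition rather than `#/definitions/Build` (assuming one exists; it is not visible in this diff). The same mismatch is repeated in api/repo/status.go above GetRepoStatus. Because the response is served without credentials, the doc comment would also benefit from listing which fields are intended to be public, so reviewers can check the sanitizer against it.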
@@ -0,0 +1,64 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package repo
+
+import (
+ "net/http"
+
+ "github.com/gin-gonic/gin"
+ "github.com/sirupsen/logrus"
+
+ "github.com/go-vela/server/router/middleware/repo"
+)
+
+// swagger:operation GET /status/{org}/{repo} repos GetRepoStatus
+//
+// Get a repository status
+//
+// ---
+// produces:
+// - application/json
+// parameters:
+// - in: path
+// name: org
+// description: Name of the organization
+// required: true
+// type: string
+// - in: path
+// name: repo
+// description: Name of the repository
+// required: true
+// type: string
+// security:
+// - ApiKeyAuth: []
+// responses:
+// '200':
+// description: Successfully retrieved the repo
+// schema:
+// "$ref": "#/definitions/Repo"
+// '400':
+// description: Invalid request payload or path
+// schema:
+// "$ref": "#/definitions/Repo"
+// '401':
+// description: Unauthorized
+// schema:
+// "$ref": "#/definitions/Repo"
+// '404':
+// description: Not found
+// schema:
+// "$ref": "#/definitions/Repo"
+
+// GetRepoStatus represents the API handler to return "status", a lite representation of the resource with limited fields for unauthenticated access.
+func GetRepoStatus(c *gin.Context) {
+ // capture middleware values
+ l := c.MustGet("logger").(*logrus.Entry)
+ r := repo.Retrieve(c)
+
+ l.Debug("reading status for repo")
+
+ // sanitize fields for the unauthenticated response
+ r.StatusSanitize()
+
+ c.JSON(http.StatusOK, r)
+}
diff --git a/api/types/build.go b/api/types/build.go
index 2d6fa7041..9051b4cc1 100644
--- a/api/types/build.go
+++ b/api/types/build.go
@@ -1233,3 +1233,14 @@ func (b *Build) String() string {
 b.GetTitle(),
 )
 }
+
+// StatusSanitize removes sensitive information before producing a "status".
+func (b *Build) StatusSanitize() {
+ // sanitize repo
+ if b.Repo != nil {
+ b.Repo.StatusSanitize()
+ }
+
+ b.Email = nil
+ b.DeployPayload = nil
+}
diff --git a/api/types/repo.go b/api/types/repo.go
index 0d84b2417..bf9438fa0 100644
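Review bot: StatusSanitize in api/types/build.go is a denylist: it clears only `Email` and `DeployPayload` (and, through Repo.StatusSanitize in api/types/repo.go, only `AllowEvents`), so every other field of Build and its nested Repo, including any field added later, is serialized to unauthenticated callers by default. The struct definitions are outside this diff, so which of the remaining fields are sensitive cannot be confirmed here, but an allowlist fails closed: copy only the fields a status needs into a fresh value and return that. At minimum, add a comment such as `// NOTE: every field not cleared here is returned without authentication; review this method when adding fields to Build.` and a test that marshals a fully populated Build after StatusSanitize and asserts the exact set of JSON keys.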
--- a/api/types/repo.go +++ b/api/types/repo.go @@ -723,3 +723,9 @@ func (r *Repo) String() string { r.GetInstallID(), ) } + +// StatusSanitize removes sensitive information before producing a "status". +func (r *Repo) StatusSanitize() { + // remove allowed events + r.AllowEvents = nil +} diff --git a/router/router.go b/router/router.go index 2e7aebbb2..ca131ae63 100644 --- a/router/router.go +++ b/router/router.go @@ -34,8 +34,11 @@ import ( "github.com/go-vela/server/api" "github.com/go-vela/server/api/auth" + apiBuild "github.com/go-vela/server/api/build" + apiRepo "github.com/go-vela/server/api/repo" "github.com/go-vela/server/api/webhook" "github.com/go-vela/server/router/middleware" + "github.com/go-vela/server/router/middleware/build" "github.com/go-vela/server/router/middleware/claims" "github.com/go-vela/server/router/middleware/org" "github.com/go-vela/server/router/middleware/repo" @@ -62,6 +65,13 @@ func Load(options ...gin.HandlerFunc) *gin.Engine { // Badge endpoint r.GET("/badge/:org/:repo/status.svg", org.Establish(), repo.Establish(), api.GetBadge) + // Status endpoints + status := r.Group("/status/:org/:repo", org.Establish(), repo.Establish()) + { + status.GET("", org.Establish(), repo.Establish(), apiRepo.GetRepoStatus) + status.GET("/:build", org.Establish(), repo.Establish(), build.Establish(), apiBuild.GetBuildStatus) + } + // Health endpoint r.GET("/health", api.Health)
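Review bot: In the new status group in router/router.go, `org.Establish()` and `repo.Establish()` are attached to the group and then listed again on each `status.GET`, so both run twice per request; on routes that take no credentials this doubles whatever lookup work the middleware does for anonymous traffic. The routes can be `status.GET("", apiRepo.GetRepoStatus)` and `status.GET("/:build", build.Establish(), apiBuild.GetBuildStatus)`. Nothing visible in this hunk checks repository visibility before the handlers respond, so unless the Establish middleware does, status for private repositories would be readable without authentication; either add a visibility check or a comment stating that this exposure is intended. Load's body continues outside the hunk.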